Apple standard procedures won't work with security

On May 24, Apple posted a support forum entry on how to avoid or remove the MacDefender malware that's been plaguing an unknown number of users since early May. And I'm glad they did. But the support forum is way overdue, and Apple's standard method of responding to user issues — ignore them until they won't go away and then issue a response when the outcry gets too loud — simply won't fly where user security is at stake. Mac users are a juicy, unprotected target for hackers, phishers, and scammers, and Apple needs to drop the impenetrable fortress act and help them raise the drawbridge.

MacDefender and its malicious software variants have been landing on Macs since at least May 2, when Intego and Sophos first reported on a massive SEO poisoning scheme that had Windows and Mac users alike clicking on malicious links and becoming infected with a Trojan program.

My colleague Ed Bott's attempts to bring the MacDefender issue to light were a fascinating saga all their own. Bott faced massive backlash from Apple users who insisted there was no malware problem — or if there was, it paled in comparison with the security nightmare that is Windows (their words, not mine). Fanboys accused him of inventing the whole tale. And John Gruber of Daring Fireball denounced the MacDefender concerns and said Bott was "crying wolf."

Nevertheless, the problem persisted, and the support calls increased. And then a source inside Apple support told Bott that Apple had issued new instructions for support reps to follow when handling MacDefender cases. Those instructions? Don't help them.

The full text of the instructions is here. Support reps were told not to tell customers infected with MacDefender how to force quit Safari, remove items from the start-up process, or how to force quit the Mac Defender process — and not to refer those customers to forums where they might actually find help. Support reps were also instructed to dodge "general" questions that might lead to resolutions if they knew the customer was calling about MacDefender. Why? Because the customer (the victim of this malware, to be clear) was trying to ask "obvious questions to skirt our policy."

So, when Apple — more than three weeks after this malicious software appeared in the wild — got around to posting a support forum on how to remove or avoid MacDefender, it was also nearly a week after Google reportedly killed a lot of the poison links that were infecting people in the first place, a week after CNET and others posted instructions on how to remove MacDefender, and at least one support memo too late to demonstrate a serious commitment to customer security.

As both Mac defenders (if you will) and critics alike point out, this behavior is Apple's standard operating procedure for dealing with problems of imperfection. MacBook discoloration and whining? Deny or ignore for weeks, then eventually fix the problem. Cracks in MacBooks? Never happened. Defective display reports on iMacs that cropped up in 2007? Ignore for years and continue to ship problem displays until 2010, when you say they've been fixed. The "raster shift" problem with eMacs? Ignore, deny, and quietly fix case-by-case. iPhone 4 death grip issues? Tell everyone they're holding the phone wrong, then eventually hold a press conference and offer free bumpers.